handlers

package
v4.34.5 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 18, 2022 License: Apache-2.0 Imports: 29 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	// ActionTOTPRegistration is the string representation of the action for which the token has been produced.
	ActionTOTPRegistration = "RegisterTOTPDevice"

	// ActionWebauthnRegistration is the string representation of the action for which the token has been produced.
	ActionWebauthnRegistration = "RegisterWebauthnDevice"

	// ActionResetPassword is the string representation of the action for which the token has been produced.
	ActionResetPassword = "ResetPassword"
)
View Source 
const (
	// Forbidden means the user is forbidden the access to a resource.
	Forbidden authorizationMatching = iota
	// NotAuthorized means the user can access the resource with more permissions.
	NotAuthorized authorizationMatching = iota
	// Authorized means the user is authorized given her current permissions.
	Authorized authorizationMatching = iota
)

Variables

View Source 
var ResetPasswordIdentityFinish = middlewares.IdentityVerificationFinish(
	middlewares.IdentityVerificationFinishArgs{ActionClaim: ActionResetPassword}, resetPasswordIdentityFinish)

ResetPasswordIdentityFinish the handler for finishing the identity validation.

View Source 
var ResetPasswordIdentityStart = middlewares.IdentityVerificationStart(middlewares.IdentityVerificationStartArgs{
	MailTitle:             "Reset your password",
	MailButtonContent:     "Reset",
	TargetEndpoint:        "/reset-password/step2",
	ActionClaim:           ActionResetPassword,
	IdentityRetrieverFunc: identityRetrieverFromStorage,
}, middlewares.TimingAttackDelay(10, 250, 85, time.Millisecond*500))

ResetPasswordIdentityStart the handler for initiating the identity validation for resetting a password. We need to ensure the attacker cannot perform user enumeration by always replying with 200 whatever what happens in backend.

View Source 
var SecondFactorTOTPIdentityFinish = middlewares.IdentityVerificationFinish(
	middlewares.IdentityVerificationFinishArgs{
		ActionClaim:          ActionTOTPRegistration,
		IsTokenUserValidFunc: isTokenUserValidFor2FARegistration,
	}, secondFactorTOTPIdentityFinish)

SecondFactorTOTPIdentityFinish the handler for finishing the identity validation.

View Source 
var SecondFactorTOTPIdentityStart = middlewares.IdentityVerificationStart(middlewares.IdentityVerificationStartArgs{
	MailTitle:             "Register your mobile",
	MailButtonContent:     "Register",
	TargetEndpoint:        "/one-time-password/register",
	ActionClaim:           ActionTOTPRegistration,
	IdentityRetrieverFunc: identityRetrieverFromSession,
}, nil)

SecondFactorTOTPIdentityStart the handler for initiating the identity validation.

View Source 
var SecondFactorWebauthnIdentityFinish = middlewares.IdentityVerificationFinish(
	middlewares.IdentityVerificationFinishArgs{
		ActionClaim:          ActionWebauthnRegistration,
		IsTokenUserValidFunc: isTokenUserValidFor2FARegistration,
	}, SecondFactorWebauthnAttestationGET)

SecondFactorWebauthnIdentityFinish the handler for finishing the identity validation.

View Source 
var SecondFactorWebauthnIdentityStart = middlewares.IdentityVerificationStart(middlewares.IdentityVerificationStartArgs{
	MailTitle:             "Register your key",
	MailButtonContent:     "Register",
	TargetEndpoint:        "/webauthn/register",
	ActionClaim:           ActionWebauthnRegistration,
	IdentityRetrieverFunc: identityRetrieverFromSession,
}, nil)

SecondFactorWebauthnIdentityStart the handler for initiating the identity validation.

Functions

func CheckSafeRedirection 

func CheckSafeRedirection(ctx *middlewares.AutheliaCtx)

CheckSafeRedirection handler checking whether the redirection to a given URL provided in body is safe.

func ConfigurationGet 

func ConfigurationGet(ctx *middlewares.AutheliaCtx)

ConfigurationGet get the configuration accessible to authenticated users.

func FirstFactorPost 

func FirstFactorPost(delayFunc middlewares.TimingAttackDelayFunc) middlewares.RequestHandler

FirstFactorPost is the handler performing the first factory.

func Handle1FAResponse 

func Handle1FAResponse(ctx *middlewares.AutheliaCtx, targetURI, requestMethod string, username string, groups []string)

Handle1FAResponse handle the redirection upon 1FA authentication.

func Handle2FAResponse 

func Handle2FAResponse(ctx *middlewares.AutheliaCtx, targetURI string)

Handle2FAResponse handle the redirection upon 2FA authentication.

func HandleAllow added in v4.33.0 

func HandleAllow(ctx *middlewares.AutheliaCtx, targetURL string)

HandleAllow handler for successful logins.

func HandleAutoSelection added in v4.33.0 

func HandleAutoSelection(ctx *middlewares.AutheliaCtx, devices []DuoDevice, username string) (string, string, error)

HandleAutoSelection handler automatically selects preferred device if there is only one suitable option.

func HandleInitialDeviceSelection added in v4.33.0 

func HandleInitialDeviceSelection(ctx *middlewares.AutheliaCtx, userSession *session.UserSession, duoAPI duo.API, targetURL string) (device string, method string, err error)

HandleInitialDeviceSelection handler for retrieving all available devices.

func HandlePreferredDeviceCheck added in v4.33.0 

func HandlePreferredDeviceCheck(ctx *middlewares.AutheliaCtx, userSession *session.UserSession, duoAPI duo.API, device string, method string, targetURL string) (string, string, error)

HandlePreferredDeviceCheck handler to check if the saved device and method is still valid.

func HealthGet 

func HealthGet(ctx *middlewares.AutheliaCtx)

HealthGet can be used by health checks.

func LogoutPost 

func LogoutPost(ctx *middlewares.AutheliaCtx)

LogoutPost is the handler logging out the user attached to the given cookie.

func MethodPreferencePost 

func MethodPreferencePost(ctx *middlewares.AutheliaCtx)

MethodPreferencePost update the user preferences regarding 2FA method.

func RegisterOIDC 

func RegisterOIDC(router *router.Router, middleware middlewares.RequestHandlerBridge)

RegisterOIDC registers the handlers with the fasthttp *router.Router. TODO: Add paths for Flush, Logout.

func ResetPasswordPost 

func ResetPasswordPost(ctx *middlewares.AutheliaCtx)

ResetPasswordPost handler for resetting passwords.

func SecondFactorDuoDeviceDelete added in v4.33.0 

func SecondFactorDuoDeviceDelete(ctx *middlewares.AutheliaCtx)

SecondFactorDuoDeviceDelete deletes the useres preferred Duo device and method.

func SecondFactorDuoDevicePost added in v4.33.0 

func SecondFactorDuoDevicePost(ctx *middlewares.AutheliaCtx)

SecondFactorDuoDevicePost update the user preferences regarding Duo device and method.

func SecondFactorDuoDevicesGet added in v4.33.0 

func SecondFactorDuoDevicesGet(duoAPI duo.API) middlewares.RequestHandler

SecondFactorDuoDevicesGet handler for retrieving available devices and capabilities from duo api.

func SecondFactorDuoPost 

func SecondFactorDuoPost(duoAPI duo.API) middlewares.RequestHandler

SecondFactorDuoPost handler for sending a push notification via duo api.

func SecondFactorTOTPPost 

func SecondFactorTOTPPost(ctx *middlewares.AutheliaCtx)

SecondFactorTOTPPost validate the TOTP passcode provided by the user.

func SecondFactorWebauthnAssertionGET added in v4.34.0 

func SecondFactorWebauthnAssertionGET(ctx *middlewares.AutheliaCtx)

SecondFactorWebauthnAssertionGET handler starts the assertion ceremony.

func SecondFactorWebauthnAssertionPOST added in v4.34.0 

func SecondFactorWebauthnAssertionPOST(ctx *middlewares.AutheliaCtx)

SecondFactorWebauthnAssertionPOST handler completes the assertion ceremony after verifying the challenge.

func SecondFactorWebauthnAttestationGET added in v4.34.0 

func SecondFactorWebauthnAttestationGET(ctx *middlewares.AutheliaCtx, _ string)

SecondFactorWebauthnAttestationGET returns the attestation challenge from the server.

func SecondFactorWebauthnAttestationPOST added in v4.34.0 

func SecondFactorWebauthnAttestationPOST(ctx *middlewares.AutheliaCtx)

SecondFactorWebauthnAttestationPOST processes the attestation challenge response from the client.

func SetValues added in v4.33.0 

func SetValues(userSession session.UserSession, device string, method string, remoteIP string, targetURL string, passcode string) (url.Values, error)

SetValues sets all appropriate Values for the Auth Request.

func StateGet 

func StateGet(ctx *middlewares.AutheliaCtx)

StateGet is the handler serving the user state.

func UserInfoGet 

func UserInfoGet(ctx *middlewares.AutheliaCtx)

UserInfoGet get the info related to the user identified by the session.

func UserTOTPGet added in v4.33.0 

func UserTOTPGet(ctx *middlewares.AutheliaCtx)

UserTOTPGet returns the users TOTP configuration.

func VerifyGet 

func VerifyGet(cfg schema.AuthenticationBackendConfiguration) middlewares.RequestHandler

VerifyGet returns the handler verifying if a request is allowed to go through.

Types

type ConsentPostRequestBody 

type ConsentPostRequestBody struct {
	ClientID       string `json:"client_id"`
	AcceptOrReject string `json:"accept_or_reject"`
}

ConsentPostRequestBody schema of the request body of the consent POST endpoint.

type ConsentPostResponseBody 

type ConsentPostResponseBody struct {
	RedirectURI string `json:"redirect_uri"`
}

ConsentPostResponseBody schema of the response body of the consent POST endpoint.

type DuoDevice added in v4.33.0 

type DuoDevice struct {
	Device       string   `json:"device"`
	DisplayName  string   `json:"display_name"`
	Capabilities []string `json:"capabilities"`
}

DuoDevice represents Duo devices and methods.

func DuoPreAuth added in v4.33.0 

func DuoPreAuth(ctx *middlewares.AutheliaCtx, duoAPI duo.API) (string, string, []DuoDevice, string, error)

DuoPreAuth helper function for retrieving supported devices and capabilities from duo api.

type DuoDeviceBody added in v4.33.0 

type DuoDeviceBody struct {
	Device string `json:"device" valid:"required"`
	Method string `json:"method" valid:"required"`
}

DuoDeviceBody the selected Duo device and method.

type DuoDevicesResponse added in v4.33.0 

type DuoDevicesResponse struct {
	Result    string      `json:"result" valid:"required"`
	Devices   []DuoDevice `json:"devices,omitempty"`
	EnrollURL string      `json:"enroll_url,omitempty"`
}

DuoDevicesResponse represents all available user devices and methods as well as an optional enrollment url.

type DuoSignResponse added in v4.33.0 

type DuoSignResponse struct {
	Result    string      `json:"result" valid:"required"`
	Devices   []DuoDevice `json:"devices,omitempty"`
	Redirect  string      `json:"redirect,omitempty"`
	EnrollURL string      `json:"enroll_url,omitempty"`
}

DuoSignResponse represents a result of the preauth and or auth call with further optional info.

type MethodList 

type MethodList = []string

MethodList is the list of available methods.

type StateResponse 

type StateResponse struct {
	Username              string               `json:"username"`
	AuthenticationLevel   authentication.Level `json:"authentication_level"`
	DefaultRedirectionURL string               `json:"default_redirection_url"`
}

StateResponse represents the response sent by the state endpoint.

type TOTPKeyResponse 

type TOTPKeyResponse struct {
	Base32Secret string `json:"base32_secret"`
	OTPAuthURL   string `json:"otpauth_url"`
}

TOTPKeyResponse is the model of response that is sent to the client up successful identity verification.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.